package com.zhou.common.mybatis.template.shiro;

import com.zhou.common.mybatis.template.shiro.properties.FlowableCommonAppProperties;
import com.zhou.common.mybatis.template.shiro.service.CustomPersistentRememberMeServices;
import com.zhou.common.mybatis.template.shiro.service.TestTokenService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.RememberMeServices;

@EnableWebSecurity
public class MultiHttpSecurityConfig {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        BCryptPasswordEncoder passwordEncoder = encoder();

        auth
                .inMemoryAuthentication()
                .withUser("user").password(passwordEncoder.encode("1")).roles("USER").and()
                .withUser("admin").password(passwordEncoder.encode("1")).roles("USER", "ADMIN");
    }

    @Bean
    public BCryptPasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public RememberMeServices rememberMeServices(UserDetailsService userDetailsService, TestTokenService tokenService) {
        FlowableCommonAppProperties properties = new FlowableCommonAppProperties();
        CustomPersistentRememberMeServices customPersistentRememberMeServices = new CustomPersistentRememberMeServices(properties, userDetailsService, tokenService);
        return customPersistentRememberMeServices;
    }

    @Configuration
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        @Autowired
        RememberMeServices rememberMeServices;

        @Override
        public void configure(WebSecurity web) throws Exception{
            web.ignoring().antMatchers("/**/*.js","/**/*.css","/**/*.html","/favicon.ico");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin()
                    .successHandler(new RedirectAuthenticationSuccessHandler())
                    .and()
                    .sessionManagement()
                    //设置无状态，所有的值如下所示。
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                    .rememberMe().rememberMeServices(rememberMeServices)
                    .and()
                    .csrf()
                    .disable()
                    .httpBasic()
            ;
        }
    }
}

